Working to help protect customers from vulnerabilities in Adobe software. Contact us at PSIRT(at)adobe(dot)com.

A Security Bulletin (APSB17-42) has been published regarding a security update for Adobe Flash Player. This update addresses a regression that could lead to the unintended reset of the global settings preference file. Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.

A Security Bulletin (APSB17-32) has been published regarding security updates for Adobe Flash Player. These updates address a critical vulnerability, and Adobe recommends users update their product installations to the latest versions using the instructions referenced in the security bulletin.

Adobe is aware of a report that an exploit for CVE-2017-11292 exists in the wild, and is being used in limited, targeted attacks against users running Windows.

This posting is provided “AS IS” with no warranties and confers no rights.

Adobe has published security bulletins for Adobe RoboHelp (APSB17-25), Adobe Flash Player (APSB17-28) and ColdFusion (APSB17-30). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.

The Security Bulletin (APSB17-24) published on August 8 regarding updates for Adobe Acrobat and Reader has been updated to reflect the availability of new updates as of August 29.

The August 29 updates resolve a functional regression with XFA forms functionality that affected some users, as well as provide a resolution to security vulnerability CVE-2017-11223. This CVE was originally addressed in the August 8 updates (versions 2017.012.20093, 2017.011.30059 and 2015.006.30352). Due to a functional regression in those releases, optional hotfixes [0,1,2] were offered to affected customers that temporarily reverted the fix for CVE-2017-11223. The August 29 releases resolve both the functional regression and provide a fix for CVE-2017-11223.

At this time, Adobe is not aware of exploits in the wild for CVE-2017-11223, or any of the other issues addressed in the August 8 or August 29 releases.

Adobe has published security bulletins for Adobe Flash Player (APSB17-21) and Adobe Connect (APSB17-22). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the relevant bulletin.

This posting is provided “AS IS” with no warranties and confers no rights.